DO script IF ldap-useraccount GETS LOCKED ...
Hi Gurus out there!

Is there a way to have OpenLDAP start a script that kicks in whenever an
LDAP user object gets locked down? (through a manual lock OR, more
importantly, through intruder detection / x failed logon attempts)

My problem is that whenever an LDAP account gets locked because of
exceeding the max. failed logon attempts, the corresponding SAMBA account
(same LDAP object) is still "unlocked". So although the user cannot
log back in to LDAP, he is still able to log in on a Windows workstation
(Samba) and reset his password. But resetting his SAMBA password through
a Windows PC also resets his LDAP password through
password synchronisation. That means that his locked LDAP account is
again "unlocked" because Samba's LDAP admin reset the password of my
locked LDAP user.

So I want to make sure that if he fucks up his LDAP account, his SAMBA
account will also be disabled.

Some hook for a custom script would be fine. But is there something like
Any other ideas how to manage that?
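
One way to close the gap described in the post, as an added example that is not part of the original message: a periodic reconciliation that reads directory entries as LDIF and emits a modify LDIF disabling the Samba side of every locked account. It assumes the lockout is recorded by the ppolicy overlay in `pwdAccountLockedTime` and that the Samba state lives in `sambaAcctFlags`; the DNs and values in the sample are constructed.

```python
# Added example: reconcile LDAP lockouts with Samba account flags.
# Assumption: ppolicy records the lock in pwdAccountLockedTime and Samba
# keeps its state in sambaAcctFlags (D = disabled).

# Constructed sample, shaped like unfolded `ldapsearch -LLL` output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
sambaAcctFlags: [U          ]
pwdAccountLockedTime: 20240101120000Z

dn: uid=bob,ou=people,dc=example,dc=org
sambaAcctFlags: [U          ]

dn: uid=carol,ou=people,dc=example,dc=org
sambaAcctFlags: [UD         ]
pwdAccountLockedTime: 000001010000Z
"""

def parse_entries(ldif):
    """Split simple LDIF (no folded or base64 lines) into attribute dicts."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry[name] = value
        entries.append(entry)
    return entries

def disable_flags(flags):
    """Return sambaAcctFlags with D set, keeping the padded field width."""
    inner = flags[1:-1]
    letters = inner.replace(" ", "")
    if "D" in letters:
        return flags
    return "[" + (letters + "D").ljust(len(inner)) + "]"

def build_modify_ldif(ldif):
    """Emit modify LDIF for locked entries whose Samba side is still enabled.

    Presence of pwdAccountLockedTime is treated as locked; expiry against
    pwdLockoutDuration is not evaluated here.
    """
    changes = []
    for entry in parse_entries(ldif):
        flags = entry.get("sambaAcctFlags")
        if flags is None or "pwdAccountLockedTime" not in entry:
            continue
        new_flags = disable_flags(flags)
        if new_flags != flags:
            changes.append(f"dn: {entry['dn']}\nchangetype: modify\n"
                           f"replace: sambaAcctFlags\nsambaAcctFlags: {new_flags}\n")
    return "\n".join(changes)
```

The returned text is in the format `ldapmodify` reads, so it can be reviewed before being applied. Clearing the `D` flag again after an administrator unlocks the account is left out of this sketch.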